iamtakingiteasy requested to merge iamtakingiteasy/pleroma-fe:strip-unbalanced-attributes into develop May 30, 2023

Status with HTML content like

<a title=&quot;foo&quot[1]>

gets normalized to <a title="foo&quot" 1=true> and if received by pleroma-fe causes vue to set an attribute named "1", which fails on DOM setAttribute method.

In production mode this sends fe into endless error loop, making browser tab completely unresponsive.

This MR fixes the issue of attributes starting with non-letters being allowed.

Changes

Fixes HTML attribute parser, allowing only attributes with leading letter.

Edited May 30, 2023 by iamtakingiteasy

Fix HTML attribute parsing, discard attributes not strating with a letter

Changes

Merge request reports